<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ page import="com.twoscreen.TUser"%>
<%@ page import="com.twoscreen.Points"%>
<%@ page import="com.twoscreen.DataProtectionRequest"%>
<%@ page import="com.google.appengine.api.users.User" %>
<%@ page import="com.google.appengine.api.users.UserService" %>
<%@ page import="com.google.appengine.api.users.UserServiceFactory" %>
<%
	//Variables
	UserService userService = UserServiceFactory.getUserService();
	User user = userService.getCurrentUser();
	String thisURL = request.getRequestURL().toString();
	TUser tuser = null;
	String username = null;
	String points = null;
	String correctAnswers = null;
	String viewerID = null;
	Boolean submitted = false;
	
	//Check if a user is signed in
	if (user != null) {
		tuser = TUser.getTUser(user);
		username = tuser.getUserName();
		points = Points.getPointsTotal(tuser);
		viewerID = tuser.getViewerId();
	}
	
	//Check if a DPA info request is submitted
	String subEmail = request.getParameter("dp-email");
	if (subEmail != null) {
		new DataProtectionRequest(subEmail, user);
		submitted = true;
	}
	
%>
<!doctype html>
<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
		<meta http-equiv="cache-control" content="no-store, no-cache, must-revalidate, max-age=1" />
		<meta http-equiv="pragma" content="no-cache" />
		<meta http-equiv="expires" value="1" />
		<title>Two-Screen | Privacy Policy</title>
		<link rel="shortcut icon" href="/images/favicon.ico" />
		<link href='https://fonts.googleapis.com/css?family=Montserrat|Exo:200,400' rel='stylesheet' type='text/css' />
		<link href="/css/web.css" rel="stylesheet" type="text/css" />
		<link rel="stylesheet" type="text/css" href="/css/jquery.fancybox.css?v=2.1.2" media="screen" />
		<script type="text/javascript" src="http://code.jquery.com/jquery-1.8.2.min.js"></script>
		<script type="text/javascript" src="/js/jquery.fancybox.js?v=2.1.3"></script>
		<script type="text/javascript" src="/js/userUpdateWeb.js"></script>
		<script type="text/javascript" src="/js/cufon-yui.js"></script>
		<script type="text/javascript" src="/js/College_700.font.js"></script>
		<script type="text/javascript">
			Cufon.replace('h1#logo');
		</script>
		<script type="text/javascript">
			var _gaq = _gaq || [];
			_gaq.push(['_setAccount', 'UA-35281811-1']);
			_gaq.push(['_trackPageview']);
			
			(function() {
			  var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
			  ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
			  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
			})();
		</script>
	</head>
	<body onload="" onunload="">
	
		<div id="head-bg">
			<div class="inner-wrapper">
				<div id="header">
					<div id="head-logo">
						<a href="/"><img id="logo" alt="home" src="/images/logo2.png" /></a>
						<h1 id="logo"><a href="/">Two-screen</a></h1>
					</div>
					<ul class="menu">

<% 
	if (user != null) {
%>
				
						<li id="head-user">
							<h3 class="menu">you</h3>
							<ul class="head-sub">
								<li class="noHover"><h3>points: <%= points %></h3></li>
								<li><h3><a class="fancybox" href="#username-update-dialog">update username</a></h3></li>
								<li><h3>
										<a class="head-link" href="<%= userService.createLogoutURL(thisURL) %>">log out</a>
									</h3>
								</li>
							</ul>
						</li>
						

<% 
	} else {
%>
				
						<li id="head-user">
							<h3 class="menu"><a class="head-link" href="<%= userService.createLoginURL(thisURL) %>">log in</a></h3>
						</li>
				
<% 
	}
%>				
				
					
						<li id="head-explore">
							<h3 class="menu"><a class="head-link" href="/connect.jsp">watch</a></h3>
						</li>
						
						
						<li id="head-create">
							<h3 class="menu"><a class="head-link" href="/producers/index.jsp">create</a></h3>
						</li>
					</ul>
					
				</div>
				<div class="clear"></div>
			</div>
		</div>
	
		<div id="home-bg">
			<div class="inner-wrapper">

<% 
	if (submitted) {
%>

				<div class="notice">
					<p>Request sent successfully. You should receive an email within 7 days.</p>
				</div>

<% 
	}
%>

				<h1>Privacy Policy</h1>
				<h3>What information do we collect?</h3>
				<p>We collect information from you when you register on our site, place an order, 
					subscribe to our newsletter, respond to a survey or fill out a form.</p>
				<p>When ordering or registering on our site, as appropriate, you may be asked to enter your: 
					name, e-mail address or credit card information. You may, however, visit our site anonymously.</p>
				<h3>What do we use your information for?</h3>
				<p>Any of the information we collect from you may be used in one of the following ways:</p>
				<ul class="policy">
					<li>To personalise your experience (your information helps us to better
						 respond to your individual needs)</li>
					<li>To improve our web site (we continually strive to improve our web site 
						offerings based on the information and feedback we receive from you)</li>
					<li>To process transactions</li>
						<ul class="policy">
							<li>Your information, whether public or private, will not be sold, exchanged, 
								transferred, or given to any other company for any reason whatsoever, without your consent, 
								other than for the express purpose of delivering the purchased product or service requested.</li>
						</ul>
					<li>To administer a contest, promotion, survey or other site feature</li>
					<li>To send periodic emails</li>
				</ul>
				<p>The email address you provide for order processing, may be used to send you information and updates pertaining 
					to your order, in addition to receiving occasional company news, updates, related product or service information, 
					etc. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe 
					instructions at the bottom of each email.</p>
				<h3>How do we protect your information?</h3>
				<p>We implement a variety of security measures to maintain the safety of your personal information when you place an 
					order or enter, submit, or access your personal information.</p>
				<p>We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer 
					(SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorised 
					with special access rights to such systems, and are required to?keep the information confidential.</p>
				<p>After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.</p>
				<h3>Do we use cookies?</h3>
				<p>Yes (Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser 
					(if you allow) that enables the sites or service providers systems to recognise your browser and capture and remember certain information.</p>
				<p>Please see our <a href="/cookie-policy.jsp">cookie policy</a> for more information</p>
				<h3>Do we disclose any information to outside parties?</h3>
				<p>We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted 
					third parties who assist us in operating our web site, conducting our business, or servicing you, so long as those parties agree to keep this 
					information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site 
					policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to 
					other parties for marketing, advertising, or other uses.</p>
				<h3>Third party links</h3>
				<p>Occasionally, at our discretion, we may include or offer third party products or services on our web site. These third party sites have separate
					 and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. 
					 Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.</p>
				<h3>California Online Privacy Protection Act Compliance</h3>
				<p>Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. 
					We therefore will not distribute your personal information to outside parties without your consent.</p>
				<p>As part of the California Online Privacy Protection Act, all users of our site may make any changes to their username at any time by
					 selecting the 'username' link from the user menu.</p>
				<h3>Children's Online Privacy Protection Act Compliance</h3>
				<p>We are in compliance with the requirements of COPPA (Children's Online Privacy Protection Act), we do not collect any information from 
					anyone under 13 years of age. Our web site, products and services are all directed to people who are at least 13 years old or older.</p>
				<h3>Online Privacy Policy Only</h3>
				<p>This online privacy policy applies only to information collected through our web site and not to information collected offline.
				<h3>Your Consent</h3>
				<p>By using our site, you consent to our online privacy policy.</p>
				<h3>The Data Protection Act</h3>
				<p>In addition to the above your personal data is protected in the UK by the Data Protection Act 1998. 
					This provides amongst other things that the data we hold about you should be processed lawfully and fairly.  
					It should be accurate, relevant and not excessive.  The information should, where necessary, be kept up to date 
					and not retained for longer than is necessary.  It should be kept securely to prevent unauthorised access by 
					other people.</p>
				<p>You have the right to: 
				<ul class="policy">
					<li>See what data is held about you and correct any inaccuracies.</li>
					<li>object to processing that is likely to cause or is causing damage or distress.</li>
					<li>object to decisions being taken by automated means.</li>
				</ul>
				<p>If you would like to raise an objection or to make an enquiry concerning the Data Protection Act please contact us</p>
				<p>The information we hold about you is not available to download online.</p>
				
<% 
	if (user != null) {
%>				

				<p>To request a copy of the data we hold about you please complete the form below. Your information will be sent to the email address you
					registered with.</p>
				<form method="POST" action="privacy-policy.jsp">
					<label for="dp-email">Email address (this must be the one you registered with):</label><input type="text" name="dp-email" id="dp-email">
					<input type="submit" value="Submit">
				</form>

<% 
	} else {
%>
				
				<p>If you would like to receive a copy of the data we hold about you please sign in to this page where a request form will appear.</p>

<% 
	}
%>
	
				<h3>Changes to our Privacy Policy</h3>
				<p>If we decide to change our privacy policy, we will post those changes on this page.</p>
				<p>This policy was last modified on 27/11/2012</p>
				<p>This policy is powered by Trust Guard <a href='http://www.trust-guard.com/PCI-Compliance-s/65.htm' target='_blank'>PCI compliance</a>.</p>
				<br />
				<br />
			</div>
		</div>
		<div id="username-update-dialog" style="width:400px;display: none;">
			<h3>Update user name: <span id="currentUn"><%= username %></span></h3>
			<br>
			<label for="username">User name:</label><input type="text" name="username" id="username-input">
			<br>
			<p id="unError"></p>
			<div id="unSuggestions"></div>
			<button type="button" onclick="userSave()">Save</button>
		</div>
		<div id="username-success" style="width:400px;display: none;">
			<h3 class="success">User name saved</h3>
		</div>
		
		<%@ include file="/include/footer.html" %>
		
	</body>
</html>